Session Management

Overview

In Servoy, session management is essential for optimizing server resources, maintaining application performance, and ensuring security. Idle sessions can be handled in two distinct ways, depending on whether the session is disconnected from the server or simply inactive.

Disconnected from the Server

A session is considered "disconnected" when the client loses connection to the server. This can happen for several reasons:

• Network Issues: The user’s internet connection drops.

• Browser Closed: The user exits the browser or closes the active tab.

• System Inactivity: The user shuts their laptop, causing the system to enter sleep mode.

Disconnected sessions are managed using the Sablo.window.timeout.secs property. This property defines the time (in seconds) that the server waits before terminating a disconnected session. The default timeout value is 60 seconds. Once this timeout is reached, the server frees up resources by killing the session.

Key considerations:

• This type of session management ensures efficient resource usage.

• Developers can adjust the Sablo.window.timeout.secs value to accommodate application-specific needs.

Idle Session

An idle session occurs when the client remains connected to the server but there is no user activity. Examples of inactivity include:

• No mouse movements.

• No keyboard input.

• The browser window is minimized or inactive.

Idle sessions are tracked using the Idle Web Service. The svyIdle service provides advanced features to detect and handle idle sessions, allowing developers to implement custom behaviors such as:

• Logging users out after a period of inactivity.

• Displaying warnings or dialogs when the session is about to expire.

• Monitoring whether the browser window is hidden or shown.

Key Features of svyIdle:

• Event-Based Idle Detection: Tracks user inactivity through events like mousemove, keydown, mousedown, and touchstart.

• Idle Time Configuration: Allows developers to define the idle timeout in milliseconds.

• Window Visibility Monitoring: Detects whether the browser window is hidden or visible.

• Custom Callbacks: Supports callback functions for various states:

  • Idle: When the user is inactive for the specified duration.

  • Active: When the user resumes activity.

  • Hidden: When the browser window becomes inactive.

  • Shown: When the browser window regains focus.

• Flexible Tracking: Options for continuous tracking or single-use detection of idle states.

Examples of svyIdle usage

Close Session When User Is Idle

This example demonstrates how to close the session if the user remains idle for a specified period of time.

/**
 * Callback function for idle state.
 */
function idle() {
    application.output("User is idle. Closing session...");
    security.logout(); // Close the session.
}

/**
 * Callback function for active state.
 */
function active() {
    application.output("User is active.");
}

function onShow(firstShow, event) {
	// Set up svyIdle with a 5-minute idle timeout.
	plugins.svyIdle.onIdle(onIdle, onActive, null, null, null, 300000, true, false, false);	
}

Explanation:

• onShow Function:

  • This function initializes the svyIdle service when the form is shown for the first time.

  • It sets up an idle timeout of 5 minutes (300000 milliseconds) using the onIdle method.

• Idle Callback (idle):

  • The idle function is triggered when the user remains inactive for 5 minutes.

  • It logs a message ("User is idle. Closing session...") and calls security.logout() to terminate the user's session.

• Active Callback (active):

  • The active function is triggered when the user resumes activity (e.g., mouse movement, keyboard input).

  • It logs a message ("User is active.").

• Configuration in onIdle:

  • The idle and active functions are passed as the first two parameters to onIdle.

  • Other parameters:

    • null values for unused callbacks (onHide and onShow).

    • Idle timeout: 300000 milliseconds (5 minutes).

    • keepTracking: true: Enables continuous tracking after the first idle event.

    • startAtIdle: false: The session does not start in an idle state.

    • recurIdleCall: false: Ensures the idle callback is triggered only once per idle event.

Show Dialog Before Closing the Idle Session

This example shows how to display a dialog when the user is idle, allowing them to extend their session or log out.

/**
 * Callback function for idle state.
 */
function idle() {
    application.output("User is idle. Prompting to extend session...");
    plugins.dialogs.showQuestionDialog(
        "Session Timeout",
        "Your session is about to expire. Do you want to stay logged in?",
        "Yes",
        "No"
    ) === "Yes" ? 
        active() : 
        security.logout();
}

/**
 * Callback function for active state.
 */
function active() {
    application.output("User chose to stay logged in.");
}

function onShow(firstShow, event) {
// Set up svyIdle with a 3-minute idle timeout.
plugins.svyIdle.onIdle(onIdle, onActive, null, null, null, 180000, true, false, false);
}

Explanation:

• onShow Function:

  • This function initializes the svyIdle service when the form is shown for the first time.

  • It sets up an idle timeout of 3 minutes (180000 milliseconds) using the onIdle method.

• Idle Callback (idle):

  • The idle function is triggered when the user remains inactive for 3 minutes.

  • It displays a confirmation dialog using plugins.dialogs.showQuestionDialog, prompting the user to extend their session:

    • If the user selects "Yes", the active callback is triggered to keep the session alive.

    • If the user selects "No", the session is terminated with security.logout().

• Active Callback (active):

  • The active function is called when the user chooses to extend their session via the dialog.

  • Logs a message ("User chose to stay logged in.").

• Configuration in onIdle:

  • The idle and active functions are passed as the first two parameters to onIdle.

  • Other parameters:

    • null values for unused callbacks (onHide and onShow).

    • Idle timeout: 180000 milliseconds (3 minutes).

    • keepTracking: true: Enables continuous tracking after the first idle event.

    • startAtIdle: false: The session does not start in an idle state.

    • recurIdleCall: false: Ensures the idle callback is triggered only once per idle event.